| Display name | B2C IEF Keyset Administrator | ||
|---|---|---|---|
| Id | aaf43236-0c0d-4d5f-883a-6955382ac081 | ||
| Description | Can manage secrets for federation and encryption in the Identity Experience Framework (IEF). | ||
| Detailed description | User can create and manage policy keys and secrets for token encryption, token signatures, and claim encryption/decryption. By adding new keys to existing key containers, this limited administrator can rollover secrets as needed without impacting existing applications. This user can see the full content of these secrets and their expiration dates even after their creation. This is a sensitive role. The Keyset administrator role should be carefully audited and assigned with care during preproduction and production. | ||
| Categories | identity | ||
| isPrivileged | True Privileged | ||
| EntraOps Tier Level | ControlPlane | ||
| #Resource Actions unique | 55 | ||
| #Resource Actions Operations unique | 55 | ||
| #Resource Actions privileged | 1 | ||
| #Resource Actions direct | 1 | ||
| Resource Actions inherited | True | ||
| #Resource Actions inherited | 54 | ||
| Resource Actions inherited from | Directory Readers (88d8e3e3-8f55-4a1e-953a-9b9898b8876b) | ||
| #Resource Actions overlap direct&inherited | 0 | ||
| Resource Actions overlap direct&inherited | |||
| #Resource Actions inherited to | 0 other Entra Id Roles | ||
| Resource Actions inherited to | n/a | ||
| #Resource Actions conditioned | 0 | ||
| #Resource Actions unconditioned | 55 | ||
| #NameSpaces | 1 | ||
| NameSpaces | microsoft.directory: 55 | ||
| Actions | allTasks: 1 read: 54 |
||
| Operations actionVerbs | GET: 54 n/a: 1 |
||
| Resource Actions where Consent Policy applies | 0 | ||
| Resource Actions / Consent Policy | n/a | ||
| JSON enriched |
|
||
| JSON raw (v1.0 endpoint) |
|
||
| JSON raw (beta endpoint) |
|